From: dac.override@gmail.com (Dominick Grift)
Date: Fri, 2 Sep 2016 15:48:06 +0200
Subject: [refpolicy] [PATCH] gpg: public key signature verification in evolution
In-Reply-To: <1472815602.23008.8.camel@trentalancia.net>
References: <1472737946.17989.0.camel@trentalancia.net> <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> <1472815602.23008.8.camel@trentalancia.net>
Message-ID: <09e0ed56-7f4d-71e8-d970-acecc18e2376@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/02/2016 01:26 PM, Guido Trentalancia wrote:
> Hello Dominick.
>
> On Fri, 02/09/2016 at 10.48 +0200, Dominick Grift via refpolicy wrote:
>> On 09/02/2016 01:26 AM, Chris PeBenito via refpolicy wrote:
>>>
>>> On 09/01/16 09:52, Guido Trentalancia via refpolicy wrote:
>>>>
>>>> Let gpg verify public key signatures in the evolution mail client
>>>> application.
>>>>
>>>> Signed-off-by: Guido Trentalancia
>>>> --- >>>> policy/modules/contrib/evolution.if | 21 +++++++++++++++++++++ >>>> policy/modules/contrib/gpg.te | 4 ++++ >>>> 2 files changed, 25 insertions(+) >>>> >>>> --- refpolicy-git-06082016- >>>> orig/policy/modules/contrib/evolution.if 2016-08-06 >>>> 21:27:11.349094280 +0200 >>>> +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if >>>> 2016-09-01 15:33:27.072148930 +0200
>>>> @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',` >>>> >>>> ######################################## >>>> ## >>>> +## Read evolution orbit temporary >>>> +## files. >>>> +## >>>> +## >>>> +## >>>> +## Domain allowed access. >>>> +## >>>> +## >>>> +# >>>> +interface(`evolution_read_orbit_tmp_t',`
>>>
>>> evolution_read_orbit_tmp_files()
>>>
>>>
>>
>> You don't have to mention "orbit" at all. There are only sockets in
>> orbit, and push comes to show that's just an evolution socket. This file
>> is outside of orbit and so it has nothing to do with orbit
>>
>> so I would just use evolution_read_tmp_files()
>>
>> however eventually it probably needs rw instead of r, for example when
>> you sign emails.
>
> Let's try to sign this message and see if it also requires write
> permissions...
>

Is that PGP/MIME or in-line signing?

I don't use evolution so not sure if it even supports in-line signatures or
PGP/MIME

Either way, would be easy enough to adjust if and when someone needs it

I still don't like the reference to orbit though

> Guido
>

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
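
Review bot: in the evolution.if hunk quoted above, the new interface is named `evolution_read_orbit_tmp_t`, which ends in the type suffix `_t` rather than in the object class the access applies to; rename it to `evolution_read_tmp_files` (or `evolution_read_orbit_tmp_files` if the orbit reference is kept) so the name matches the "Read evolution orbit temporary files" summary. Keep the interface read-only as that summary states, and if signing turns out to need write access, add it as a separate rw interface backed by the observed denial instead of widening this one. The gpg.te change listed in the diffstat (4 insertions) is not part of the quoted text, so the caller side of this interface cannot be checked here.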